]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - Makefile
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Makefile: Fix check for current git tag.
[people/stevee/selinux-policy.git] / Makefile
1 #
2 # Makefile for the security policy.
3 #
4 # Targets:
5 #
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
14 #
15 # The default target is 'policy'.
16 #
17 #
18 # Please see build.conf for policy build options.
19 #
20 #
21 VERSION = $(shell git tag 2>/dev/null | tail -n1)
22
23 ########################################
24 #
25 # NO OPTIONS BELOW HERE
26 #
27
28 # Include the local build.conf if it exists, otherwise
29 # include the configuration of the root directory.
30 include build.conf
31
32 ifdef LOCAL_ROOT
33 -include $(LOCAL_ROOT)/build.conf
34 endif
35
36 # refpolicy version
37 version = $(shell cat VERSION)
38
39 ifdef LOCAL_ROOT
40 builddir := $(LOCAL_ROOT)/
41 tmpdir := $(LOCAL_ROOT)/tmp
42 tags := $(LOCAL_ROOT)/tags
43 else
44 tmpdir := tmp
45 tags := tags
46 endif
47
48 # executable paths
49 BINDIR ?= /usr/bin
50 SBINDIR ?= /usr/sbin
51 ifdef TEST_TOOLCHAIN
52 tc_usrbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(BINDIR)
53 tc_usrsbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(SBINDIR)
54 tc_sbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)/sbin
55 else
56 tc_usrbindir := $(BINDIR)
57 tc_usrsbindir := $(SBINDIR)
58 tc_sbindir := /sbin
59 endif
60 CHECKPOLICY ?= $(tc_usrbindir)/checkpolicy
61 CHECKMODULE ?= $(tc_usrbindir)/checkmodule
62 SEMODULE ?= $(tc_usrsbindir)/semodule
63 SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
64 SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
65 SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
66 SEPOLGEN ?= $(tc_usrbindir)/sepolgen-ifgen
67 LOADPOLICY ?= $(tc_usrsbindir)/load_policy
68 SETFILES ?= $(tc_sbindir)/setfiles
69 XMLLINT ?= $(BINDIR)/xmllint
70 SECHECK ?= $(BINDIR)/sechecker
71
72 # interpreters and aux tools
73 AWK ?= gawk
74 GREP ?= egrep
75 INSTALL ?= install
76 M4 ?= m4
77 PYTHON ?= python
78 SED ?= sed
79 SORT ?= LC_ALL=C sort
80
81 CFLAGS += -Wall
82
83 # policy source layout
84 poldir := policy
85 moddir := $(poldir)/modules
86 flaskdir := $(poldir)/flask
87 secclass := $(flaskdir)/security_classes
88 isids := $(flaskdir)/initial_sids
89 avs := $(flaskdir)/access_vectors
90
91 # local source layout
92 ifdef LOCAL_ROOT
93 local_poldir := $(LOCAL_ROOT)/policy
94 local_moddir := $(local_poldir)/modules
95 endif
96
97 # policy building support tools
98 support := support
99 genxml := $(PYTHON) -E $(support)/segenxml.py
100 gendoc := $(PYTHON) -E $(support)/sedoctool.py
101 genperm := $(PYTHON) -E $(support)/genclassperms.py
102 fcsort := $(tmpdir)/fc_sort
103 setbools := $(AWK) -f $(support)/set_bools_tuns.awk
104 get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
105 comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed
106 gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
107 m4iferror := $(support)/iferror.m4
108 m4divert := $(support)/divert.m4
109 m4undivert := $(support)/undivert.m4
110 # use our own genhomedircon to make sure we have a known usable one,
111 # so policycoreutils updates are not required (RHEL4)
112 genhomedircon := $(PYTHON) -E $(support)/genhomedircon
113
114 # documentation paths
115 docs := doc
116 xmldtd = $(docs)/policy.dtd
117 metaxml = metadata.xml
118 doctemplate = $(docs)/templates
119 docfiles = $(docs)/Makefile.example $(addprefix $(docs)/,example.te example.if example.fc)
120
121 ifndef LOCAL_ROOT
122 polxml = $(docs)/policy.xml
123 tunxml = $(docs)/global_tunables.xml
124 boolxml = $(docs)/global_booleans.xml
125 htmldir = $(docs)/html
126 else
127 polxml = $(LOCAL_ROOT)/doc/policy.xml
128 tunxml = $(LOCAL_ROOT)/doc/global_tunables.xml
129 boolxml = $(LOCAL_ROOT)/doc/global_booleans.xml
130 htmldir = $(LOCAL_ROOT)/doc/html
131 endif
132
133 # config file paths
134 globaltun = $(poldir)/global_tunables
135 globalbool = $(poldir)/global_booleans
136 rolemap = $(poldir)/rolemap
137 user_files := $(poldir)/users
138 policycaps := $(poldir)/policy_capabilities
139
140 # local config file paths
141 ifndef LOCAL_ROOT
142 mod_conf = $(poldir)/modules.conf
143 booleans = $(poldir)/booleans.conf
144 tunables = $(poldir)/tunables.conf
145 else
146 mod_conf = $(local_poldir)/modules.conf
147 booleans = $(local_poldir)/booleans.conf
148 tunables = $(local_poldir)/tunables.conf
149 endif
150
151 # install paths
152 PKGNAME ?= refpolicy-$(version)
153 prefix = $(DESTDIR)/usr
154 topdir = $(DESTDIR)/etc/selinux
155 installdir = $(topdir)/$(strip $(NAME))
156 srcpath = $(installdir)/src
157 userpath = $(installdir)/users
158 policypath = $(installdir)/policy
159 contextpath = $(installdir)/contexts
160 homedirpath = $(contextpath)/files/homedir_template
161 fcpath = $(contextpath)/files/file_contexts
162 ncpath = $(contextpath)/netfilter_contexts
163 sharedir = $(prefix)/share/selinux
164 modpkgdir = $(sharedir)/$(strip $(NAME))
165 headerdir = $(modpkgdir)/include
166 docsdir = $(prefix)/share/doc/$(PKGNAME)
167
168 # enable MLS if requested.
169 ifeq "$(TYPE)" "mls"
170 M4PARAM += -D enable_mls
171 CHECKPOLICY += -M
172 CHECKMODULE += -M
173 gennetfilter += -m
174 endif
175
176 # enable MLS if MCS requested.
177 ifeq "$(TYPE)" "mcs"
178 M4PARAM += -D enable_mcs
179 CHECKPOLICY += -M
180 CHECKMODULE += -M
181 gennetfilter += -c
182 endif
183
184 # enable distribution-specific policy
185 ifneq ($(DISTRO),)
186 M4PARAM += -D distro_$(DISTRO)
187 endif
188
189 # rhel4 also implies redhat
190 ifeq "$(DISTRO)" "rhel4"
191 M4PARAM += -D distro_redhat
192 endif
193
194 ifeq "$(DISTRO)" "ubuntu"
195 M4PARAM += -D distro_debian
196 endif
197
198 ifneq ($(OUTPUT_POLICY),)
199 CHECKPOLICY += -c $(OUTPUT_POLICY)
200 endif
201
202 ifneq "$(CUSTOM_BUILDOPT)" ""
203 M4PARAM += $(foreach opt,$(CUSTOM_BUILDOPT),-D $(opt))
204 endif
205
206 # if not set, use the type as the name.
207 NAME ?= $(TYPE)
208
209 # default unknown permissions setting
210 #UNK_PERMS ?= deny
211
212 ifeq ($(DIRECT_INITRC),y)
213 M4PARAM += -D direct_sysadm_daemon
214 endif
215
216 ifeq "$(UBAC)" "y"
217 M4PARAM += -D enable_ubac
218 endif
219
220 # default MLS/MCS sensitivity and category settings.
221 MLS_SENS ?= 16
222 MLS_CATS ?= 1024
223 MCS_CATS ?= 1024
224
225 ifeq ($(QUIET),y)
226 verbose = @
227 endif
228
229 M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms
230
231 # we need exuberant ctags; unfortunately it is named
232 # differently on different distros
233 ifeq ($(DISTRO),debian)
234 CTAGS := ctags-exuberant
235 endif
236
237 ifeq ($(DISTRO),gentoo)
238 CTAGS := exuberant-ctags
239 endif
240
241 CTAGS ?= ctags
242
243 m4support := $(m4divert) $(wildcard $(poldir)/support/*.spt)
244 ifdef LOCAL_ROOT
245 m4support += $(wildcard $(local_poldir)/support/*.spt)
246 endif
247 m4support += $(m4undivert)
248
249 appconf := config/appconfig-$(TYPE)
250 seusers := $(appconf)/seusers
251 appdir := $(contextpath)
252 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
253 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
254 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
255 net_contexts := $(builddir)net_contexts
256
257 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
258 ifdef LOCAL_ROOT
259 all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
260 endif
261
262 generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
263 generated_if := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if.in)))
264 generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in)))
265
266 # sort here since it removes duplicates, which can happen
267 # when a generated file is already generated
268 detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))
269
270 modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
271 layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
272 layer_names := $(sort $(notdir $(all_layers)))
273 all_metaxml = $(call detect-metaxml, $(layer_names))
274
275 # modules.conf setting for base module
276 configbase := base
277
278 # modules.conf setting for loadable module
279 configmod := module
280
281 # modules.conf setting for unused module
282 configoff := off
283
284 # test for module overrides from command line
285 mod_test = $(filter $(APPS_OFF), $(APPS_BASE) $(APPS_MODS))
286 mod_test += $(filter $(APPS_MODS), $(APPS_BASE))
287 ifneq "$(strip $(mod_test))" ""
288 $(error Applications must be base, module, or off, and not in more than one list! $(strip $(mod_test)) found in multiple lists!)
289 endif
290
291 # add on suffix to modules specified on command line
292 cmdline_base := $(addsuffix .te,$(APPS_BASE))
293 cmdline_mods := $(addsuffix .te,$(APPS_MODS))
294 cmdline_off := $(addsuffix .te,$(APPS_OFF))
295
296 # extract settings from modules.conf
297 mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
298 mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
299 mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))
300
301 base_mods := $(cmdline_base)
302 mod_mods := $(cmdline_mods)
303 off_mods := $(cmdline_off)
304
305 base_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_base))
306 mod_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_mods))
307 off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_off))
308
309 # add modules not in modules.conf to the off list
310 off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
311
312 # filesystems to be used in labeling targets
313 filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
314 fs_names := "btrfs ext2 ext3 ext4 xfs jfs"
315
316 ########################################
317 #
318 # Functions
319 #
320
321 # parse-rolemap-compat modulename,outputfile
322 define parse-rolemap-compat
323 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
324 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
325 endef
326
327 # parse-rolemap modulename,outputfile
328 define parse-rolemap
329 $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
330 $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
331 endef
332
333 # perrole-expansion modulename,outputfile
334 define perrole-expansion
335 $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
336 $(call parse-rolemap,$1,$2)
337 $(verbose) echo "')" >> $2
338
339 $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
340 $(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
341 $(call parse-rolemap-compat,$1,$2)
342 $(verbose) echo "')" >> $2
343 endef
344
345 # create-base-per-role-tmpl modulenames,outputfile
346 define create-base-per-role-tmpl
347 $(verbose) echo "define(\`base_per_role_template',\`" >> $2
348
349 $(verbose) for i in $1; do \
350 echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
351 >> $2 ;\
352 done
353
354 $(verbose) for i in $1; do \
355 echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
356 echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
357 echo """$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
358 done
359 $(verbose) echo "')" >> $@
360
361 endef
362
363 # detect-metaxml layer_names
364 ifdef LOCAL_ROOT
365 define detect-metaxml
366 $(shell for i in $1; do \
367 if [ -d $(moddir)/$$i -a -d $(local_moddir)/$$i ]; then \
368 if [ -f $(local_moddir)/$$i/$(metaxml) ]; then \
369 echo $(local_moddir)/$$i/$(metaxml) ;\
370 else \
371 echo $(moddir)/$$i/$(metaxml) ;\
372 fi \
373 elif [ -d $(local_moddir)/$$i ]; then
374 echo $(local_moddir)/$$i/$(metaxml) ;\
375 else \
376 echo $(moddir)/$$i/$(metaxml) ;\
377 fi \
378 done )
379 endef
380 else
381 define detect-metaxml
382 $(shell for i in $1; do echo $(moddir)/$$i/$(metaxml); done)
383 endef
384 endif
385
386 ########################################
387 #
388 # Load appropriate rules
389 #
390
391 ifeq ($(MONOLITHIC),y)
392 include Rules.monolithic
393 else
394 include Rules.modular
395 endif
396
397 ########################################
398 #
399 # Generated files
400 #
401 # NOTE: There is no "local" version of these files.
402 #
403 generate: $(generated_te) $(generated_if) $(generated_fc)
404
405 $(moddir)/kernel/corenetwork.if: $(moddir)/kernel/corenetwork.te.in $(moddir)/kernel/corenetwork.if.m4 $(moddir)/kernel/corenetwork.if.in
406 @echo "#" > $@
407 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
408 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
409 @echo "#" >> $@
410 $(verbose) cat $@.in >> $@
411 $(verbose) $(GREP) "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" $< \
412 | $(M4) -D self_contained_policy $(M4PARAM) $(m4divert) $@.m4 $(m4undivert) - \
413 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
414
415 $(moddir)/kernel/corenetwork.te: $(moddir)/kernel/corenetwork.te.m4 $(moddir)/kernel/corenetwork.te.in
416 @echo "#" > $@
417 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
418 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
419 @echo "#" >> $@
420 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ \
421 | $(SED) -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
422
423 ########################################
424 #
425 # Network packet labeling
426 #
427 $(net_contexts): $(moddir)/kernel/corenetwork.te.in
428 @echo "Creating netfilter network labeling rules"
429 $(verbose) $(gennetfilter) $^ > $@
430
431 ########################################
432 #
433 # Create config files
434 #
435 conf: $(mod_conf) $(booleans) $(generated_te) $(generated_if) $(generated_fc)
436
437 $(mod_conf) $(booleans): $(polxml)
438 @echo "Updating $(mod_conf) and $(booleans)"
439 $(verbose) $(gendoc) -b $(booleans) -m $(mod_conf) -x $(polxml)
440
441 ########################################
442 #
443 # Generate the fc_sort program
444 #
445 $(fcsort) : $(support)/fc_sort.c
446 $(verbose) $(CC) $(CFLAGS) $^ -o $@
447
448 ########################################
449 #
450 # Documentation generation
451 #
452 $(layerxml): %.xml: $(all_metaxml) $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)) $(subst .te,.if, $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods)))
453 @test -d $(tmpdir) || mkdir -p $(tmpdir)
454 $(verbose) cat $(filter %$(notdir $*)/$(metaxml), $(all_metaxml)) > $@
455 $(verbose) for i in $(basename $(filter $(addprefix $(moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
456 ifdef LOCAL_ROOT
457 $(verbose) for i in $(basename $(filter $(addprefix $(local_moddir)/, $(notdir $*))%, $(detected_mods))); do $(genxml) -w -m $$i >> $@; done
458 endif
459
460 $(tunxml): $(globaltun)
461 $(verbose) $(genxml) -w -t $< > $@
462
463 $(boolxml): $(globalbool)
464 $(verbose) $(genxml) -w -b $< > $@
465
466 $(polxml): $(layerxml) $(tunxml) $(boolxml)
467 @echo "Creating $(@F)"
468 @test -d $(dir $(polxml)) || mkdir -p $(dir $(polxml))
469 @test -d $(tmpdir) || mkdir -p $(tmpdir)
470 $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
471 $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
472 $(verbose) echo '<policy>' >> $@
473 $(verbose) for i in $(basename $(notdir $(layerxml))); do echo "<layer name=\"$$i\">" >> $@; cat $(tmpdir)/$$i.xml >> $@; echo "</layer>" >> $@; done
474 $(verbose) cat $(tunxml) $(boolxml) >> $@
475 $(verbose) echo '</policy>' >> $@
476 $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
477 $(XMLLINT) --noout --path $(dir $(xmldtd)) --dtdvalid $(xmldtd) $@ ;\
478 fi
479
480 xml: $(polxml)
481
482 html $(tmpdir)/html: $(polxml)
483 @echo "Building html interface reference documentation in $(htmldir)"
484 @test -d $(htmldir) || mkdir -p $(htmldir)
485 @test -d $(tmpdir) || mkdir -p $(tmpdir)
486 $(verbose) $(gendoc) -d $(htmldir) -T $(doctemplate) -x $(polxml)
487 $(verbose) cp $(doctemplate)/*.css $(htmldir)
488 @touch $(tmpdir)/html
489
490 ########################################
491 #
492 # Runtime binary policy patching of users
493 #
494 $(userpath)/system.users: $(m4support) $(tmpdir)/generated_definitions.conf $(user_files)
495 @mkdir -p $(tmpdir)
496 @mkdir -p $(userpath)
497 @echo "Installing system.users"
498 @echo "# " > $(tmpdir)/system.users
499 @echo "# Do not edit this file. " >> $(tmpdir)/system.users
500 @echo "# This file is replaced on reinstalls of this policy." >> $(tmpdir)/system.users
501 @echo "# Please edit local.users to make local changes." >> $(tmpdir)/system.users
502 @echo "#" >> $(tmpdir)/system.users
503 $(verbose) $(M4) -D self_contained_policy $(M4PARAM) $^ | $(SED) -r -e 's/^[[:blank:]]+//' \
504 -e '/^[[:blank:]]*($$|#)/d' >> $(tmpdir)/system.users
505 $(verbose) $(INSTALL) -m 644 $(tmpdir)/system.users $@
506
507 $(userpath)/local.users: config/local.users
508 @mkdir -p $(userpath)
509 @echo "Installing local.users"
510 $(verbose) $(INSTALL) -b -m 644 $< $@
511
512 ########################################
513 #
514 # Build Appconfig files
515 #
516 $(tmpdir)/initrc_context: $(appconf)/initrc_context
517 @mkdir -p $(tmpdir)
518 $(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@
519
520 ########################################
521 #
522 # Install Appconfig files
523 #
524 install-appconfig: $(appfiles)
525
526 $(installdir)/booleans: $(booleans)
527 @mkdir -p $(tmpdir)
528 @mkdir -p $(installdir)
529 $(verbose) $(SED) -r -e 's/false/0/g' -e 's/true/1/g' \
530 -e '/^[[:blank:]]*($$|#)/d' $(booleans) | $(SORT) > $(tmpdir)/booleans
531 $(verbose) $(INSTALL) -m 644 $(tmpdir)/booleans $@
532
533 $(contextpath)/files/media: $(appconf)/media
534 @mkdir -p $(contextpath)/files/
535 $(verbose) $(INSTALL) -m 644 $< $@
536
537 $(contextpath)/users/%: $(appconf)/%_default_contexts
538 @mkdir -p $(appdir)/users
539 $(verbose) $(INSTALL) -m 644 $^ $@
540
541 $(appdir)/%: $(appconf)/%
542 @mkdir -p $(appdir)
543 $(verbose) $(M4) $(M4PARAM) $(m4support) $< > $@
544
545 ########################################
546 #
547 # Install policy headers
548 #
549 install-headers: $(layerxml) $(tunxml) $(boolxml)
550 @mkdir -p $(headerdir)
551 @echo "Installing $(NAME) policy headers."
552 $(verbose) $(INSTALL) -m 644 $^ $(headerdir)
553 $(verbose) $(M4) $(M4PARAM) $(rolemap) > $(headerdir)/$(notdir $(rolemap))
554 $(verbose) mkdir -p $(headerdir)/support
555 $(verbose) $(INSTALL) -m 644 $(m4support) $(word $(words $(genxml)),$(genxml)) $(xmldtd) $(headerdir)/support
556 $(verbose) $(genperm) $(avs) $(secclass) > $(headerdir)/support/all_perms.spt
557 $(verbose) for i in $(notdir $(all_layers)); do \
558 mkdir -p $(headerdir)/$$i ;\
559 $(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
560 done
561 $(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
562 $(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
563 ifneq "$(DISTRO)" ""
564 $(verbose) echo "DISTRO ?= $(DISTRO)" >> $(headerdir)/build.conf
565 endif
566 $(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
567 $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
568 $(verbose) echo "override UBAC := $(UBAC)" >> $(headerdir)/build.conf
569 $(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
570 $(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf
571 $(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
572 $(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile
573
574 ########################################
575 #
576 # Install policy documentation
577 #
578 install-docs: $(tmpdir)/html
579 @mkdir -p $(docsdir)/html
580 @echo "Installing policy documentation"
581 $(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir)
582 $(verbose) $(INSTALL) -m 644 $(wildcard $(htmldir)/*) $(docsdir)/html
583
584 ########################################
585 #
586 # Install policy sources
587 #
588 install-src:
589 rm -rf $(srcpath)/policy.old
590 -mv $(srcpath)/policy $(srcpath)/policy.old
591 mkdir -p $(srcpath)/policy
592 cp -R . $(srcpath)/policy
593
594 ########################################
595 #
596 # Generate tags file
597 #
598 tags: $(tags)
599 $(tags):
600 @($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
601 @LC_ALL=C $(CTAGS) -f $(tags) --langdef=te --langmap=te:..te.if.spt \
602 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
603 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
604 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
605 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
606 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
607 --regex-te='/^[ \t]*template\(`(\w+)/\1/i,template/' \
608 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
609
610 ########################################
611 #
612 # Filesystem labeling
613 #
614 checklabels:
615 @echo "Checking labels on filesystem types: $(fs_names)"
616 @if test -z "$(filesystems)"; then \
617 echo "No filesystems with extended attributes found!" ;\
618 false ;\
619 fi
620 $(verbose) $(SETFILES) -v -n $(fcpath) $(filesystems)
621
622 restorelabels:
623 @echo "Restoring labels on filesystem types: $(fs_names)"
624 @if test -z "$(filesystems)"; then \
625 echo "No filesystems with extended attributes found!" ;\
626 false ;\
627 fi
628 $(verbose) $(SETFILES) -v $(fcpath) $(filesystems)
629
630 relabel:
631 @echo "Relabeling filesystem types: $(fs_names)"
632 @if test -z "$(filesystems)"; then \
633 echo "No filesystems with extended attributes found!" ;\
634 false ;\
635 fi
636 $(verbose) $(SETFILES) $(fcpath) $(filesystems)
637
638 resetlabels:
639 @echo "Resetting labels on filesystem types: $(fs_names)"
640 @if test -z "$(filesystems)"; then \
641 echo "No filesystems with extended attributes found!" ;\
642 false ;\
643 fi
644 $(verbose) $(SETFILES) -F $(fcpath) $(filesystems)
645
646 ########################################
647 #
648 # Clean everything
649 #
650 bare: clean
651 rm -f $(polxml)
652 rm -f $(layerxml)
653 rm -f $(modxml)
654 rm -f $(tunxml)
655 rm -f $(boolxml)
656 rm -f $(mod_conf)
657 rm -f $(booleans)
658 rm -fR $(htmldir)
659 rm -f $(tags)
660 # don't remove these files if we're given a local root
661 ifndef LOCAL_ROOT
662 rm -f $(fcsort)
663 rm -f $(support)/*.pyc
664 ifneq ($(generated_te),)
665 rm -f $(generated_te)
666 endif
667 ifneq ($(generated_if),)
668 rm -f $(generated_if)
669 endif
670 ifneq ($(generated_fc),)
671 rm -f $(generated_fc)
672 endif
673 endif
674
675 .PHONY: install-src install-appconfig install-headers generate xml conf html bare tags
676 .SUFFIXES:
677 .SUFFIXES: .c
678
679 .PHONY: dist
680 dist:
681 git archive --format=tar --prefix=selinux-policy-$(VERSION)/ HEAD | \
682 gzip -9 > selinux-policy-$(VERSION).tar.gz
The IPFire selinux policy.